diff options
Diffstat (limited to 'phpBB/includes/ucp/ucp_pm_compose.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index ae2e367795..a22fc57761 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -25,6 +25,7 @@ function compose_pm($id, $mode, $action) { $action = 'post'; } + add_form_key('ucp_pm_compose'); // Grab only parameters needed here $to_user_id = request_var('u', 0); @@ -532,6 +533,10 @@ function compose_pm($id, $mode, $action) if ($submit || $preview || $refresh) { + if (!check_form_key('ucp_pm_compose')) + { + $error[] = $user->lang['FORM_INVALID']; + } $subject = utf8_normalize_nfc(request_var('subject', '', true)); $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); |